Automotive WiFi Security in News (Again...)

Teardown.com concludes that while security with wireless strategies is an issue going forward, the implied simplicity of hacking is overstated.

Recently, the team at Teardown.com engaged in a discussion regarding a Forbes.com article, which argues that a connected car can be easily hacked by a small hardware device.

The CAN Hacking Tool, or CHT. "Auto makers have long downplayed the threat of hacker attacks on their cars and trucks, arguing that their vehicles' increasingly-networked systems are protected from rogue wireless intrusion. Now two researchers plan to show that a few minutes alone … " -- from the Forbes story, "This iPhone-Sized Device Can Hack a Car, Researchers Plan to Demonstrate" by Andy Greenberg (Forbes, 2/05/2014).

Articles such as this Forbes story have created an atmosphere of concern about the digital security of a "connected" car. Given that we have over 14 years of teardown experience with a wide variety of devices ranging from cameras to cars, I sought input from one of our analysts concerning this subject. Based on our discussion, we determined that while security with wireless strategies is an issue going forward, the implied simplicity of hacking is overstated.

Clearly, the issues raised in the Forbes article have been around for some time (the article quotes a wireless attempt from 2011). The original Controller Area Network (CAN bus) was developed by Robert Bosch GmBH in 1983 and, as a low level protocol, does not employ security measures but leaves that up to the application developer to implement. Based on our analysts' knowledge and a fact that was admitted to in the article, hacking into a vehicle's CAN bus first requires physical access. This contradicts the hacker's standard operating procedure of REMOTE access which, by its nature, leaves them relatively free from discovery by law enforcement. So, ignoring the major obstacle of physical access, it's pretty safe to say that most vehicles with a networked communications bus would present a potential target for hackers.

It should be pointed out that we do NOT want to downplay the importance of this potential security issue. Opportunities to hack into a vehicle's communications network do exist, but as we progress toward autonomous vehicles of the future, wireless technologies are becoming tightly integrated into critical safety systems, and security issues will be resolved out of necessity.

We believe the reason this issue has garnered so much media attention recently is due to a heightened awareness of the lack of security for personal information, as well the proliferation of wireless vehicular communications via WiFi, Bluetooth, and cellular connectivity. Possibly exacerbating this concern is the upcoming, overdue decision by the NHTSA on whether to mandate vehicle-to-vehicle communications (V2V) in all new vehicles, the technology of which is partially derived from the popular WiFi 802.11 standard (802.11p).

At Teardown.com we're focused on increasing our involvement in automotive teardowns. To date we have complete analysis of the Chevy Volt (from battery subsystems to infotainment ICs) as well as numerous other ECM (engine control module), BCM (body control module), and GPS systems. We are excited to see what the future will bring and look forward to delivering the latest developments from worldwide leaders in automotive technology.

— Joel Martin is senior vice president & general manager of Teardown.com. Teardown.com, part of TechInsights, has been doing design, integrated circuit analysis, and bill of material costing for 15 years.

In my opinion, if we can judiciously decide what can be controlled by the V2V communications and what should be lfet only in the control of the native control system and the driver , then a lot of security concerns can be automatically addressed, regarding somebody taking complete control of the car's vital systems and forcing it crash or malfunction,

Even in some earler blogs also I have comented that , a dual control system is required in such cars - A native ( CAN base) system to control the cars vital systems such as Engine control, ABS, Airbags etc. , whereas the V2V system can monitor the car-to-car distance , speed limits, road obstacles and so on and this system should .

An increasing trend of research on the security vulnerability of autonomous cars would enable the manufacturers to come out with more robust security systems, hence this is good.

Reading through the article in Forbes I see that, this "CAN Hacking Tool" would still need physical access to the car by the hackers.

" Their tool, which is about three-quarters the size of an iPhone, attaches via four wires to the Controller Area Network or CAN bus of a vehicle..."

In this case the gadget made by the researchers would accept commands...which are supposed to be hacking commands when the gadget has to be physically hooked to the car's network. Hence I don't see a reason to panic yet as physical access to car's electronics could be restricted. Am I missing anything?

That's the panic. Let's say the car is networked, e.g. to support V2V communications. And let's say that the internal networks will allow an intruder to spoof ABS sensor signals. Some clever software geek may be able to generate a rapid sequence of "wheel stopped" signals to the ABS, preventing the brakes from operating as the driver expected.

The same sort of mechanism might be used on stability control systems, affecting the way the steering wheel might work.

These scenarios can be avoided, of course, but it does take discipline. Some of these back doors might not always be obvious. The urge to "network everything" has to be resisted, for one thing.

Communication Encryption has been around for quite a while in the military for wired connections. And wireless to for communication, say, between jet fighters. So I agree that this problem can be solved in time for V2V communication in the next few years. In fact, I'm hearing that the defense department will benefit from cheaper encryption if it becomes ubiquitous, just as they benefitted from cheaper electronics when smart phones started proliferating. The media is way over-reacting as usual.